CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-8452

HIGH
7.8
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile4.51th
Published2019年4月22日
Last Modified2024年11月21日

Vulnerability Description

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Affected Platforms (CPE)

📦
Checkpoint

Endpoint Security

< e80.96
📦
Checkpoint

Zonealarm

<= 15.4.062

References & Advisories

🔗 http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html
🔗 https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012
🔗 https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
🔗 http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html
🔗 https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012
🔗 https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

相關漏洞威脅

CVE-2009-124010.0

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, ...

CVE-2009-254310.0

Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Securi...

CVE-2009-142910.0

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); S...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...